Securing Vehicles with Automotive Intrusion Detection Systems (IDS)

It has long been established that cybersecurity is becoming more important in the automotive industry. The mass adoption of cybersecurity practices in the industry is in line with the development of vehicle technology. Nowadays vehicles have more complex internal structures and are more exposed to external communication channels, meaning that there are more endpoints that need protection from cyber threats. Automakers are turning to various cybersecurity approaches to secure their vehicles, one of the most common ones being automotive intrusion detection systems (IDS).

What is an Automotive IDS?

An automotive IDS is an intrusion detection system adapted specifically for the automotive industry. These solutions monitor network traffic entering and traversing the vehicle, as well as the activities within the vehicle’s components, to detect traffic anomalies or potentially malicious activity. IDS compares the monitored traffic and behaviors against a database of known cyber threats and attack patterns. If a match is found, it raises an alert to the relevant administrators or security personnel to address.

Automotive IDSs typically employ two main detection methods:

1. Signature-based detection: Matches observed activity against a database of known malicious patterns or signatures.

2. Anomaly-based detection: Identifies deviations from established normal network behavior or activity baselines, flagging any unusual activities that might indicate a potential intrusion.

It’s important to note that an intrusion detection system is a monitoring tool, meaning it detects threats but does not actively prevent or mitigate them. Upon detecting anomalous behavior or a potential threat, the IDS sends an alert, allowing administrators to investigate and take appropriate action.

Types of Automotive IDS

IDSs are categorized based on their deployment location and the scope of activity they monitor. In the automotive context, we will discuss two main types:

1. Network-based IDS (N-IDS)

A network-based IDS monitors the entire vehicle network for anomalous activity, checking all incoming and outgoing traffic. This provides a broad, network-level view of potential threats and can detect attacks targeting the vehicle’s communication channels or network infrastructure.

2. Host-based IDS (H-IDS)

A host-based IDS is a security software designed to monitor the activities of an individual host or vehicle component, such as an Electronic Control Unit (ECU). It focuses on detecting threats targeting specific systems or components within the vehicle, providing a more granular level of cybersecurity monitoring.

While implementing either one of these intrusion detection system types will help protect an automobile from cyber attacks, most contemporary vehicles will benefit from a mix of both host-based and network-based IDS. For instance, Autocrypt’s IDS combines both network-based and host-based IDS to ensure maximum threat monitoring coverage across the vehicle’s network and individual components.

Comprehensive Vehicle Protection

To ensure comprehensive vehicle protection, automakers are highly advised to implement multiple cybersecurity solutions simultaneously. Since an IDS is a monitoring-only device, pairing it with an Intrusion Prevention System (IPS) would ensure that malicious activities are not only detected but also mitigated.

Additionally, implementing diverse cybersecurity measures will help automakers better address the requirements of vehicle cybersecurity regulations like UN R155 and R156, which mandate cybersecurity throughout the entire vehicle lifecycle.

By adopting a multi-layered approach with complementary cybersecurity solutions like IDS, IPS, and others, automakers can significantly enhance the overall security posture of their vehicles, safeguarding them against a wide range of cyber threats in today’s connected automotive landscape.


Visit our in-vehicle security solutions page to find the solution that best fits your cybersecurity needs.

Follow AUTOCRYPT on LinkedIn to stay informed about our latest news and blogs.

AUTOCRYPT Highlights Innovations in Secure and Sustainable Mobility at ITF 2024 Summit

At the ITF 2024 Summit, AUTOCRYPT showcased its Cybersecurity Testing Platform (CSTP) for vehicle type approval, and its Charging Station Management System (CSMS) for charge point operators

LEIPZIG, May 29, 2024 — At the International Transport Forum (ITF)’s annual summit, AUTOCRYPT, a leading company in automotive cybersecurity and mobility technology, highlighted the critical importance of cybersecurity innovations within the industry. AUTOCRYPT showcased its Cybersecurity Testing Platform (CSTP) designed for UN R155 compliance, as well as its Charging Station Management System (CSMS) for securing electric vehicle charging.

This year marks AUTOCRYPT’s third consecutive attendance at the ITF Summit. As one of the 33 members—and the only cybersecurity company—on the ITF’s Corporate Partnership Board (CPB), AUTOCRYPT has been actively contributing to transport policymaking by sharing its expertise in cybersecurity for vehicular systems and connected road infrastructure.

At this year’s summit, AUTOCRYPT welcomed numerous transport policymakers to its booth to discuss the future of transport security and environmental sustainability. Notable visitors included Germany’s Minister of Digital Affairs and Transport, Volker Wissing; Lithuania’s Minister of Transport and Communications, Marius Skuodis; and South Korea’s Vice Minister for Transport, Baek Won Kug.

From left to right: South Korea’s Vice Minister for Transport, Baek Won Kug; AUTOCRYPT Chairman, Seokwoo Lee; Germany’s Minister of Digital Affairs and Transport, Volker Wissing; AUTOCRYPT Global CTO, Daniel ES Kim, Lithuania’s Minister of Transport and Communications, Marius Skuodis; ITF Secretary-General, Young Tae Kim

AUTOCRYPT’s Global Chief Technology Officer (CTO), Daniel ES Kim, participated in a panel discussion with industry thought leaders on building resilient and sustainable transport in the age of digitalization and AI. When asked about managing potential risks of digitalization, he emphasized the need for “a comprehensive approach that involves standards, regulations, and innovations to implement secure solutions into our vehicles and infrastructure.”

About Autocrypt Co., Ltd.

AUTOCRYPT is the industry leader in automotive cybersecurity and connected mobility technologies. The company specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and mobility platforms, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. AUTOCRYPT also provides consulting and testing services along with custom solutions for UN R155/156 and ISO/SAE 21434 compliance.

Compliance with UN R156: Securing Vehicle Software Updates

In the past, vehicles were purchased with a fixed set of functionalities that remained unchanged until the owner acquired a new vehicle. However, modern cars have evolved into customizable platforms with software that can be continuously updated and enhanced.

To meet the growing demand for personalization and remain competitive, manufacturers now offer advanced features that can be subscribed to and downloaded onto vehicles at any time after purchase. These functionalities, such as entertainment applications, driver assistance systems, self-driving capabilities, and others, are constantly being improved and updated.

Maintaining this kind of flexible software structure requires vehicle manufacturers to implement periodic update procedures. However, since these updates essentially alter the vehicle’s software and carry a fair amount of potential risks, it is crucial that they are implemented in the most secure way possible. This is where the UNECE Regulation 156 (UN R156) comes into play, establishing a much-needed framework for secure vehicle software updates.

UN R156 Requirements

UNECE Regulation 156 establishes the minimum cybersecurity and Software Update Management System (SUMS) requirements for vehicle manufacturers. According to the regulation, manufacturers must implement the SUMS and demonstrate that they have the necessary processes in place to comply with all secure software update requirements. The requirements can be divided into two main categories:

  1. Software Update Management System Requirements: These include securing communication channels for updates, validating software integrity, implementing access control mechanisms, and maintaining update logs for auditing purposes.
  2. Vehicle Type Requirements: Specific rules and standards that vehicles must meet to ensure secure software updates.

As vehicles become increasingly software-defined, the ability to update their software securely and efficiently is paramount as unsecured software updates can leave vehicles vulnerable to cyber threats, such as malware infections, data breaches, or even remote control of vehicle systems. These risks can compromise vehicle safety, privacy, and security, making it essential to implement robust cybersecurity measures for software updates.

Securing Updates for UN R156 compliance

UNECE Regulation 156 requires manufacturers to implement appropriate cybersecurity measures to mitigate potential risks from software updates. These measures include:

  • Implementing a software update management system
  • Securing communication channels for update processes
  • Validating software integrity to prevent tampering
  • Implementing access control mechanisms to protect against unauthorized access
  • Maintaining update logs for auditing purposes

AUTOCRYPT offers a suite of in-vehicle cybersecurity products and solutions that implement the necessary security processes in line with UN R156 requirements for secure software updates. Apart from cybersecurity implementation, we also offer UN R155/156 compliance consulting services. Visit our UNECE WP.29 Consulting page to learn more and download the WP.29 regulation checklist outlining the steps for UNECE regulation compliance.


As the automotive industry continues to embrace software-defined vehicles, UN R156 plays a crucial role in ensuring the safe and secure updating of vehicle software. By establishing baseline requirements for cybersecurity and software update management systems, this regulation helps protect vehicles, their occupants, and the broader transportation ecosystem from potential cyber threats. Compliance with UNECE Regulation 156 is a critical step towards building a safer and more secure future for the automotive industry.

Bayanat and AUTOCRYPT Sign MOU to Advance Autonomous Driving and AI Smart Roads in the Region

Under the agreement, firms aim to develop a comprehensive V2X infrastructure plan

ABU DHABI, Apr. 26, 2024 — Bayanat, a leading provider of AI-powered geospatial solutions, has signed a memorandum of understanding (MoU) with AUTOCRYPT, an industry-leading vehicle-to-everything (V2X) and automotive cybersecurity technology firm, to combine its expertise in V2X infrastructure deployment with Bayanat’s AI Smart Roads, enabling and advancing Level 4+ autonomous driving.

The MoU was signed by Abdulla Al Shamsi, Chief Operating Officer of Bayanat, and Seokwoo Lee, AUTOCRYPT’s Chairman and Co-founder, at DRIFTx, an international exhibition supported by the Abu Dhabi Investment Office (ADIO) dedicated to advancing the future of smart and autonomous mobility across air, land, and sea. Under the agreement, Bayanat and AUTOCRYPT will explore a V2X infrastructure deployment strategy, joint R&D projects, and collaboration opportunities.

By combining their expertise to accelerate the development of core technologies for the future of transportation, the companies will develop a comprehensive V2X infrastructure plan.

Abdulla Al Shamsi, Bayanat COO, said: “Our partnership with AUTOCRYPT marks a pivotal moment in our journey towards revolutionizing AI autonomous driving and Smart Road technology. Bayanat is well aligned with the UAE’s strategy for sustainability and is developing technology to provide cutting-edge mobility solutions while allowing for streamlined travel that is not limited by human error. This partnership supports the UAE’s dedication to improving urban development by prioritizing smart mobility and infrastructure initiatives that make our cities more efficient, sustainable, and livable.”

Seokwoo Lee, commented: “We are thrilled to collaborate with Bayanat on developing secure and reliable V2X infrastructure for the UAE’s smart roads. Having played a major role in all of South Korea’s V2X infrastructure development projects throughout the past decade, we look forward to contributing our expertise to this rapidly expanding market.”

Cybersecurity Management System for UNECE Regulation 155

The automotive industry is entering an important stage of cybersecurity implementation. In July of 2024, UNECE Regulation 155 (UN R155) about vehicle cybersecurity and Cybersecurity Management Systems (CSMS) is coming into full force. What does this mean for the larger automotive industry?

Vehicle manufacturers across the 64 WP.29 member countries will be required to adhere to regulatory compliance measures outlined in UNECE Regulation 155. Vehicles that do not comply with the regulations will not be eligible for registration starting July 2024. We can already see how the regulation is affecting the industry in the recent Porsche announcement. The company stated that they will be discontinuing the combustion-powered 718 Boxster convertible and the 718 Cayman models in certain countries, due to not meeting the cybersecurity standards outlined in UN R155 legislation.

UN R155 is a set of regulations developed by the United Nations Economic Commission for Europe (UNECE) pertaining to cybersecurity in vehicles. The regulation establishes cybersecurity requirements for the vehicle manufacturing process and vehicle type approval, aimed at enhancing the security of connected vehicles and increasing resilience against cyber threats.

Essential Approval Requirements

The essential UN R155 approval requirements for automotive cybersecurity, address standards and protocols for securing connected vehicles against cyber threats. However, UN R155 does not only focus on vehicle cybersecurity. The regulation oversees the entire vehicle manufacturing process, enforcing cybersecurity measures to be incorporated on an organizational level and throughout the vehicle’s entire lifecycle.

OEMs wishing to receive UN R155 approval must implement a cybersecurity management system that verifies secure operations throughout the vehicle development, production, and post-production phases.

Upon CSMS implementation OEMs must go through a CSMS assessment process, also known as a CSMS audit, that will be conducted by an appointed Approval Authority. During a CSMS audit, the Approval Authority assesses and verifies the manufacturer’s compliance with the requirements outlined in UN R155. If the assessment deems cybersecurity management system implementation successful, the OEM obtains the Certificate of Compliance for CSMS. The Certificate of Compliance is valid for three years and can be extended upon expiration.

Requirements for CSMS

The requirements for the Cybersecurity Management System are holistic in nature and call for vehicle manufacturers to follow cybersecurity-by-design principles. From a grander organizational perspective to granular vehicle attack vector assessments, the CSMS requirements seek appropriate cybersecurity measures that continuously monitor, detect, and respond to cyber threats across the vehicle development lifecycle According to UN R155, vehicle manufacturers should ensure that their Cybersecurity Management System complies with the following stipulations:

1. The vehicle manufacturer shall demonstrate that their CSMS applies to the vehicle development, production, and post-production stages.

2. The vehicle manufacturer shall demonstrate that the processes used within their CSMS to ensure security is adequately considered and implemented continuously. This requirement entails cybersecurity management processes, risk identification, assessment, and mitigation.

3. OEMs are expected to stay on top of new cyber threats and vulnerabilities, keeping their security measures current.

4. Vehicle manufacturers must be able to provide relevant data to support analysis of attempted or successful cyberattacks to their designated Approval Authority.

5. OEMs shall demonstrate that the processes used within their CSMS will ensure that cyber threats and vulnerabilities are addressed and mitigated within a reasonable time frame.

6. Vehicle manufacturers must be able to demonstrate how their CSMS will manage dependencies that may exist with suppliers, service providers, or manufacturer’s sub-organizations. This means that OEMs are accountable for implementing and verifying cybersecurity practices along their supply chains.

Requirements beyond the CSMS

Meeting cybersecurity management system requirements and obtaining the CSMS Certificate of Compliance is the first step of the regulatory compliance process. UN Regulation 155 also includes an array of cybersecurity requirements for vehicle type approval. The type approval process focuses on the effectiveness of the security measures implemented in the actual vehicle and its components.

Our latest ebook delves into the key vehicle components to focus on for UN R155 type approval and can offer insight into how different vehicle components require different types of cybersecurity measures. 

Download eBook

Automotive cybersecurity implementation cannot be done in a one-size-fits-all manner. Different OEMs will have different cybersecurity and testing needs based on their organizational structures, vehicle manufacturing processes, and supply chains. With industry-leading expertise accumulated through years of experience in cybersecurity implementation, AUTOCRYPT offers professional consulting services for automotive OEMs and suppliers in establishing the CSMS.

To learn more about our CSMS Consulting Services and cybersecurity regulation compliance, contact global@autocrypt.io.

AUTOCRYPT and MicroNova Launch Strategic Partnership to Advance Automotive Cybersecurity

The Focus is on the development of innovative test solutions in the field of automotive cybersecurity

MUNICH, Feb. 28, 2024 — The increasing digitalization of vehicles is creating the need for innovative approaches to combat cyberattacks and ensure the integrity of vehicle electronics. The memorandum of understanding signed by the two companies specifies that they will work together on test solutions for the cybersecurity field. The focus will be on pentests (penetration tests) and fuzzing (automated software tests) as well as data forensics and vulnerability management during the test phase. The aim is to further improve the reliability of vehicles and meet the increasing requirements for networked mobility.

Joint Expertise for Automotive Cybersecurity

The cooperation between MicroNova and AUTOCRYPT combines the two companies’ comprehensive know-how in the field of automotive technology. MicroNova has decades of experience in test solutions for the automotive industry and will be contributing its skills in the areas of embedded test and validation, software development, and test automation. AUTOCRYPT is an expert in mobility security solutions and will be providing innovative products to protect vehicle communication systems from cyber threats.

“This partnership agreement with AUTOCRYPT represents a major step towards offering our customers pioneering applications in the field of cybersecurity,” explains Orazio Ragonesi, CEO of MicroNova. “Combining the strengths of our companies will enable us to develop customized solutions that meet current and future requirements for the safety of connected vehicles.”

Daniel ES Kim, CEO and co-founder of AUTOCRYPT, emphasizes: “Working together with MicroNova, we will be able to make full use of our expertise in creating innovative security solutions for the automotive industry. The combination of MicroNova’s comprehensive expertise in embedded systems for automotive applications with our decades-long expertise in vehicle safety will pave the way for groundbreaking developments.”

Daniel ES Kim, CEO of AUTOCRYPT (left), and Orazio Ragonesi, CEO of MicroNova (right), signing the letter of intent (Memorandum of Understanding) at MicroNova’s headquarters in Vierkirchen near Munich
About Autocrypt Co., Ltd.

AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, and Plug&Charge, paving the way towards secure and reliable transport in the age of software-defined vehicles. Built to support both AUTOSAR and legacy vehicular platforms, AUTOCRYPT’s In-Vehicle Systems Security solution consists of embedded security libraries and algorithms, security testing tools and services, as well as threat mitigation solutions, helping automotive OEMs and suppliers comply with international standards and regulations like ISO/SAE 21434 and UN R155/156.

About MicroNova

MicroNova has been a software and systems vendor since 1987 and offers products, solutions and services in four business areas: testing of automotive electronicstechnology consulting, management of mobile radio and communication networks including energy management solutions based on the Industrial Internet of Things (IIoT) as well as the distribution of ITdigitalization and project management solutions. 400 experts work with technological competence and passion at the headquarters in Vierkirchen near Munich and at eight other locations in Germany and the Czech Republic. Numerous customers such as Audi, BMW, Continental, Telefónica Germany, Vodafone Germany and Volkswagen rely on MicroNova’s expertise.

*This press release is provided by MicroNova.